How does DoS and DDoS work?

What is a DoS (Denial of Service) attack?

A DoS (Denial of Service) attack is a type of cyber-attack that aims to make a server or a network unavailable to its intended users. The attacker sends a large number of requests to the target, which makes it hard for the server or network to answer legitimate requests. As a result, the server or network becomes unavailable to its intended users.

There are two types of DoS attacks: a single-source attack (DoS) and a multi-source attack (DDoS). In a single-source DoS attack, the attacker sends a large number of requests from one source. In a multi-source (distributed) attack, the attacker sends a large number of requests from many sources at once.

Categories of DoS Attack

DoS attacks fall into two broad categories:

Buffer Overflow Attacks

In a buffer overflow attack, the attacker causes a memory buffer to overflow. A buffer is a temporary storage area in a computer's memory. Overflowing it can make the server consume all of its resources, such as CPU, memory, and disk space, so that it becomes unavailable to its intended users.

Flood Attacks

In a flood attack, the attacker sends a large number of requests to the server or network in order to oversaturate its capacity; an oversaturated server can crash. To perform a flood attack, the attacker's bandwidth must be higher than the bandwidth of the server.


How does a DoS Attack Work?

[Figure: DoS mechanism]

The DoS attack works in the following steps:

  1. The attacker sends a large number of requests to the server or network.
  2. The server or network becomes unavailable to its intended users.

How does a DDoS Attack Work?

[Figure: DDoS mechanism]

The DDoS attack works in the following steps:

  1. The attacker sends a large number of requests to the server or network from multiple sources.
  2. The server or network becomes unavailable to its intended users.

Types of DoS and DDoS Attack

There are different types of DoS and DDoS attacks. The most common types of DoS and DDoS attacks are:

SYN Flood Attack

[Figure: SYN flood attack]

A SYN flood attack, also known as a half-open attack, is a type of DoS attack. The attacker sends a large number of SYN requests to the server, which answers each one with a SYN/ACK packet and waits for the final ACK. The attacker never sends it, so the server's connection resources fill up with half-open connections and it can no longer respond to legitimate requests. As a result, the server becomes unavailable to its intended users.

Steps to Perform SYN Flood Attack

The attacker performs the SYN flood attack in the following steps:

  1. The attacker sends a large number of SYN requests to the server, often with a spoofed source IP address.
  2. The server responds to each SYN request with a SYN/ACK packet and waits for the ACK packet from the sender.
  3. The ACK packets never arrive, neither from the attacker nor from the host whose IP address was spoofed. As a result, the server runs out of resources to respond to legitimate requests.
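One way a defender can spot the half-open build-up described above is to look at the server's own TCP connection table. The script below is an added example, not code from the original article; the snapshot it parses is constructed to resemble `ss -tan` output and comes from no real host. Because the source addresses in a SYN flood are often spoofed, it counts SYN-RECV sockets per listening port rather than relying on per-source counts, and the threshold of 5 is an assumed value to be tuned to the host's listen backlog.

```python
"""Spot a SYN flood from a snapshot of the server's TCP connection table.

Added example (not from the original article). The snapshot below is
constructed to resemble `ss -tan` output; it is not from a real host.
"""
from collections import Counter

# Constructed snapshot of the connection table (format modelled on `ss -tan`).
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB     0      0      10.0.0.5:443        203.0.113.10:51234
SYN-RECV  0      0      10.0.0.5:443        198.51.100.7:40001
SYN-RECV  0      0      10.0.0.5:443        198.51.100.8:40002
SYN-RECV  0      0      10.0.0.5:443        198.51.100.9:40003
SYN-RECV  0      0      10.0.0.5:443        198.51.100.10:40004
SYN-RECV  0      0      10.0.0.5:443        198.51.100.11:40005
ESTAB     0      0      10.0.0.5:22         192.0.2.20:55000
SYN-RECV  0      0      10.0.0.5:22         192.0.2.21:55001
"""


def parse_ss(text):
    """Return (state, local_port, peer_ip) tuples, skipping the header line."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 5:
            continue
        state, local, peer = parts[0], parts[3], parts[4]
        rows.append((state, local.rsplit(":", 1)[1], peer.rsplit(":", 1)[0]))
    return rows


def half_open_by_port(rows):
    """Count SYN-RECV (half-open) sockets per local port."""
    return Counter(port for state, port, _ in rows if state == "SYN-RECV")


def half_open_ratio(rows):
    """Fraction of all sockets that are half-open; it climbs towards 1.0 during a flood."""
    if not rows:
        return 0.0
    return sum(1 for state, _, _ in rows if state == "SYN-RECV") / len(rows)


def distinct_peers_by_port(rows):
    """Number of distinct peer IPs holding half-open sockets, per port.

    Many peers with one half-open socket each is the pattern spoofed sources
    produce; one peer with many is simpler to block at the network edge.
    """
    peers = {}
    for state, port, ip in rows:
        if state == "SYN-RECV":
            peers.setdefault(port, set()).add(ip)
    return {port: len(ips) for port, ips in peers.items()}


def flag_syn_flood(rows, threshold=5):
    """Ports whose half-open count reaches the (assumed) threshold."""
    return sorted(p for p, n in half_open_by_port(rows).items() if n >= threshold)


if __name__ == "__main__":
    rows = parse_ss(SAMPLE_SS_OUTPUT)
    print("half-open per port:", dict(half_open_by_port(rows)))
    print("half-open ratio: %.2f" % half_open_ratio(rows))
    print("distinct peers per port:", distinct_peers_by_port(rows))
    print("flagged ports:", flag_syn_flood(rows))
```

On the constructed snapshot, port 443 holds five half-open sockets from five different peers while port 22 holds one, so only 443 is flagged. In production the same counting would be run periodically against live `ss -tan` output and the threshold set relative to the listen backlog that the service was started with.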

Ping of Death Attack

[Figure: Ping of Death attack]

In a Ping of Death attack, the attacker sends a large number of malformed packets to the server. These packets are larger than the maximum packet size the server allows. In transit they are fragmented into pieces of an allowed size; when the server reassembles the fragments, the total exceeds the maximum allowed size, which can overflow a memory buffer. As a result, the server can crash.

TearDrop Attack

In a TearDrop attack, the attacker sends a large number of malformed IP packets to the server, each carrying a large number of IP fragments. The server spends its resources trying to reassemble the fragments and can no longer respond to legitimate requests. As a result, the server becomes unavailable to its intended users.
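Both of the fragment attacks above are defeated by validating fragments before any memory is spent on reassembly. The checker below is an added example, not code from the original article, and works on constructed fragment records rather than captured packets. It goes slightly beyond the article's description: besides rejecting a reassembled datagram that would exceed the IPv4 maximum of 65,535 bytes (the Ping of Death case), it rejects fragments that overlap one another, which is the malformation TearDrop relies on, and it caps the number of fragments a single datagram may spend on reassembly; that cap of 64 is an assumed value.

```python
"""Validate IPv4 fragments before spending memory on reassembly.

Added example, not code from the original article. Fragments are constructed
records rather than captured packets.
"""
from dataclasses import dataclass

MAX_IPV4_DATAGRAM = 65535   # IPv4 Total Length is a 16-bit field
MAX_FRAGMENTS = 64          # assumed per-datagram cap to bound reassembly work


@dataclass(frozen=True)
class Fragment:
    ident: int    # IP Identification; shared by all fragments of one datagram
    offset: int   # payload offset in bytes (the header field counts 8-byte units)
    length: int   # payload bytes carried by this fragment
    more: bool    # More Fragments flag


def check_fragments(frags):
    """Return (status, length_so_far).

    status is one of 'ok', 'incomplete', 'oversized', 'overlap', 'too_many',
    'mixed_id' or 'bad_offset'. Only 'ok' should reach the reassembly buffer;
    'incomplete' means keep waiting, anything else means drop the datagram.
    """
    if not frags:
        return ("incomplete", 0)
    if len(frags) > MAX_FRAGMENTS:
        return ("too_many", 0)
    ident = frags[0].ident
    if any(f.ident != ident for f in frags):
        return ("mixed_id", 0)
    end = 0  # one byte past the highest byte covered so far
    for f in sorted(frags, key=lambda f: f.offset):
        if f.offset % 8 != 0 or f.length <= 0:
            return ("bad_offset", 0)
        if f.offset + f.length > MAX_IPV4_DATAGRAM:
            return ("oversized", f.offset + f.length)      # Ping of Death
        if f.offset < end:
            return ("overlap", end)                        # Teardrop
        if f.offset > end:
            return ("incomplete", end)                     # gap: a fragment is missing
        end = f.offset + f.length
    if max(frags, key=lambda f: f.offset).more:
        return ("incomplete", end)                         # final fragment not seen yet
    return ("ok", end)


# Constructed fragment sets for the cases above.
BENIGN = [Fragment(1, 0, 1480, True), Fragment(1, 1480, 500, False)]
PING_OF_DEATH = [Fragment(2, 0, 1480, True), Fragment(2, 65120, 1000, False)]
TEARDROP = [Fragment(3, 0, 1480, True), Fragment(3, 1000, 1000, False)]
WAITING = [Fragment(4, 0, 1480, True)]


if __name__ == "__main__":
    for name, frags in (("benign", BENIGN), ("ping of death", PING_OF_DEATH),
                        ("teardrop", TEARDROP), ("waiting", WAITING)):
        print(name, check_fragments(frags))
```

The checks run in order of cost: the size and overlap tests are pure arithmetic on offsets and lengths, so a host can reject a hostile fragment train before allocating the reassembly buffer the attack is trying to exhaust.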


Motivations behind Denial-of-Service Attacks

Attackers launch DoS attacks for a variety of reasons. Some of the common motivations behind DoS attacks are:

  • Business Competition
  • Financial Gain
  • Ideological
  • Revenge
  • State Sponsored

Preventing Denial of Service Attacks

There are several ways to prevent DoS and DDoS attacks. Some of the common ones are:

Use of Web Application Firewall

A WAF (Web Application Firewall) sits between the web application and the internet and provides a layer of security against attacks such as SQL injection, cross-site scripting, and DoS. A WAF can be configured to block requests from IP addresses that are sending a large number of requests to the server.

Rate Limiting

Rate limiting restricts the number of requests a client can send to the server in a given period. It can be implemented at the application level or at the network level, and it is commonly keyed in one of the following ways:

  • IP-based rate limiting
  • User-based rate limiting
  • URL-based rate limiting
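A compact way to see how the three keying strategies differ is a token-bucket limiter whose bucket key is a function of the request. The code below is an added example, not code from the original article; the request stream is constructed (one address hammering `/login`, then one signed-in user), and the rate of 2 requests per second with a burst of 5 is an assumed setting. Replaying the same stream through an IP-keyed and a URL-keyed limiter shows the trade-off: URL-based limiting caps the flood just as well, but also denies the legitimate user who happens to hit the same path.

```python
"""Token-bucket rate limiter keyed by client IP, user, or URL.

Added example, not code from the original article. The request stream and
the rate/burst settings are constructed for illustration.
"""
import time


class TokenBucketLimiter:
    """Each key gets a bucket of `burst` tokens refilled at `rate` per second;
    a request is allowed only when a whole token is available."""

    def __init__(self, rate, burst, key_fn):
        self.rate = rate
        self.burst = burst
        self.key_fn = key_fn
        self.buckets = {}  # key -> (tokens, last_refill_time)

    def allow(self, request, now=None):
        now = time.monotonic() if now is None else now
        key = self.key_fn(request)
        tokens, last = self.buckets.get(key, (self.burst, now))
        tokens = min(self.burst, tokens + max(0.0, now - last) * self.rate)
        if tokens >= 1.0:
            self.buckets[key] = (tokens - 1.0, now)
            return True
        self.buckets[key] = (tokens, now)   # record the refill, deny the request
        return False


# Keying strategies matching the three kinds of rate limiting listed above.
def by_ip(req):
    return req["ip"]


def by_user(req):
    # Anonymous traffic falls back to the address so it is still bounded.
    return req["user"] or req["ip"]


def by_url(req):
    return req["path"]


def constructed_requests():
    """20 rapid requests from one address, then one from a legitimate user."""
    flood = [{"ip": "198.51.100.7", "user": None, "path": "/login", "t": i * 0.01}
             for i in range(20)]
    alice = {"ip": "203.0.113.10", "user": "alice", "path": "/login", "t": 0.2}
    return flood + [alice]


def simulate(key_fn, rate=2.0, burst=5):
    """Replay the constructed stream; return (allowed, denied, alice_allowed)."""
    limiter = TokenBucketLimiter(rate, burst, key_fn)
    allowed = denied = 0
    alice_allowed = False
    for req in constructed_requests():
        ok = limiter.allow(req, now=req["t"])
        allowed += ok
        denied += not ok
        if req["user"] == "alice":
            alice_allowed = ok
    return allowed, denied, alice_allowed


if __name__ == "__main__":
    for name, fn in (("ip", by_ip), ("user", by_user), ("url", by_url)):
        print("%-4s allowed/denied/alice: %s" % (name, simulate(fn)))
```

With these settings the IP-keyed and user-keyed limiters let the first five flood requests through, deny the remaining fifteen, and still admit the legitimate user; the URL-keyed limiter denies sixteen, including that user. A per-source key is the right default against a single-source DoS, while a per-URL key is what protects an expensive endpoint when the sources are many, which is why the two are usually combined.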

Use of CDN

A CDN (Content Delivery Network) is a network of servers distributed across the globe. The CDN caches a website's static content, such as images, CSS, and JavaScript files, and when a user requests a page it serves that content from the server nearest to the user. Using a CDN can prevent DoS and DDoS attacks because its servers are spread across many locations and can together handle a large number of requests from users.

